Cybercriminals behind phishing campaigns have a knack for knowing which trends and topics will catch the eye of potential victims. Sony’s new PS5 is one topic ripe for exploitation, especially since the new console is in short supply due to a scarcity of semiconductor chips. A Friday report from security firm Kaspersky explains how a new scam promising a PS5 is playing out and offer tips on how to avoid taking the bait.
SEE: Hiring Kit: Game Developer (TechRepublic Premium)
How this scam works
Dangling the prize of a PS5 console, the scammers behind this ploy start with phishing emails that promise recipients a chance to win a new PlayStation 5. The contest is apparently “free for everyone,” with only your email required (at least initially) to register.
Registering takes you to a landing page that proudly proclaims you as one of ten lucky visitors who can win the coveted console this week. But you have to act within the next minute and 18 seconds. All you need do is complete a short survey to enter the drawing.
After you finish the survey by checking all the boxes, several virtual gift packages pop up on the screen, only one of which is the winner. But surprise, surprise! Whichever one you choose, you’re picked as that winner.
Aaah, but the quest for your prize isn’t over yet. At this point, you need to pony up 1 pound sterling ($1.40) to claim your console. In return, the folks behind the contest promise to pay for postage and deliver your PS5 in a week.
Next, you’re asked to provide your address, zip code, phone number, and email address, a perfectly valid request if the company is going to send you your console in the mail. But for some reason, the payment rises from 1 pound sterling to 1.78 pounds sterling ($2.47).
Still, a couple of pounds or dollars is nothing in return for a $500 gaming console. Maybe, but how are you going to pay that fee? Yep, you’re asked to provide your credit card details, including your number, expiration date, and three-digit CVV code. Of course, doing so gives the cybercriminals behind this phishing scam a healthy catch to reel in.
The finer details
Some of the details that appear in the phishing email appear legitimate but fall apart upon closer inspection, according to Kaspersky. The sender’s name is India Pharma. That’s a real company but not one associated with any giveaways or contests of gaming consoles.
The tiny terms and conditions at the bottom of the email point to a different company named toleadoo GmbH. Though it sounds phony, it’s a real company based in Germany, but one that’s been hit by a large number of complaints. The small print also mentions “competition T&Cs” but without any type of link to explain further.
Of course, the scammers behind this one hope avid gamers will be so eager to score a free PS5 that they won’t scrutinize the email or think about the information they’re providing. To help people avoid taking the bait for this type of scam, Kaspersky offers a few handy tips:
- Check information about giveaways and other promos on the organizer’s website.
- Don’t follow links in e-mails. Instead, make sure the link is not an ad. Then enter the URL manually if you know it or use a search engine to get there.
- Be wary if getting a prize requires paying a fee, even if the amount is small. You risk losing more than just the amount requested.
- Guard your personal data carefully. If you have any doubts about a website, don’t provide your contact details.
- Use a reliable security solution that warns you when you’re about to visit a fraudulent website.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays